Total
34059 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8392 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. | ||||
| CVE-2019-8387 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | N/A |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. | ||||
| CVE-2019-8336 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A |
| HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances. | ||||
| CVE-2019-8236 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Macos, Windows | 2024-11-21 | 9.8 Critical |
| Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. | ||||
| CVE-2019-8231 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. | ||||
| CVE-2019-8230 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. | ||||
| CVE-2019-8229 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. | ||||
| CVE-2019-8226 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 7.5 High |
| Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-8150 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout. | ||||
| CVE-2019-8144 | 1 Magento | 1 Magento | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. | ||||
| CVE-2019-8137 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update. | ||||
| CVE-2019-8136 | 1 Magento | 1 Magento | 2024-11-21 | 9.8 Critical |
| An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component. | ||||
| CVE-2019-8133 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 Medium |
| A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service. | ||||
| CVE-2019-8125 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution. | ||||
| CVE-2019-8124 | 1 Magento | 1 Magento | 2024-11-21 | 4.9 Medium |
| An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks. | ||||
| CVE-2019-8123 | 1 Magento | 1 Magento | 2024-11-21 | 5.3 Medium |
| An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes. | ||||
| CVE-2019-8122 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution. | ||||
| CVE-2019-8121 | 1 Magento | 1 Magento | 2024-11-21 | 9.8 Critical |
| An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities. | ||||
| CVE-2019-8119 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution. | ||||
| CVE-2019-8111 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | ||||